Microsoft stands up for customer rights — fights US government search warrant

Microsoft has been issued with a search warrant from the US government asking that the company hand over details about customers that is held on servers outside of the US. But the company is fighting back, saying that the warrant cannot be used across borders to obtain data from overseas, and is not justified by law.

The resistance is the latest stance from Microsoft after it recently called for reforms to be made to government surveillance. Brad Smith, Microsoft’s General Counsel & Executive Vice President, Legal & Corporate Affairs said that the US government should only be able to request access to data held within its own boundaries, and pointed out that user trust was being undermined by requests for overseas data.

The latest battle concerns a warrant that seeks to gain access to emails stored at a Microsoft data center in Ireland that related to an on-going drug-trafficking investigation. The warrant was issued back in December by a judge in New York but Microsoft is keen to at least be seen to be fighting for customer rights and privacy. This is partly out of a sense of integrity, but also out of fear that simply caving in to such demands could be bad for business as customers could move elsewhere.

An anonymous Microsoft official is quoted by the Washington Post as saying that the revelations about government surveillance “certainly put a premium on demonstrating to people that we are fighting”.

As more and more businesses and services move to the cloud, it is becoming increasingly common for US companies to host data outside US borders. While the data has to be subject to some laws, Microsoft argues that the arm of US law should not reach that far. Moreover, the company agues that the US government should communicate with the government of the country in which data is stored so that the correct legal routes can be followed.

For example, as the Washington Post points out, in Ireland the approval of an Irish district court judge is needed to obtain data about email. But it is not just Ireland that is of interest; Microsoft has data centers in dozens out countries all around the world.

Of course there is a counter argument. The US government suggests that the location of data is unimportant. Microsoft is a US-based company so it should be subject to US law, is the implication. The matter is further complicated by the route emails take. Which country’s law should apply first in cross-border communication — the country the email was sent from, or where it was received and opened?

Do you feel that Microsoft is fighting your corner? Do you feel the reach of the US government should be curtailed?